booleans(8)

NAME

   booleans  -  Policy  booleans  enable  runtime customization of SELinux
   policy

DESCRIPTION

   This manual page describes  SELinux  policy  booleans.     The  SELinux
   policy can include conditional rules that are enabled or disabled based
   on the current values of  a  set  of  policy  booleans.   These  policy
   booleans  allow  runtime  modification  of  the security policy without
   having to load a new policy.

   For example, the boolean httpd_enable_cgi allows the  httpd  daemon  to
   run  cgi  scripts if it is enabled.  If the administrator does not want
   to allow execution of cgi scripts, he can simply disable  this  boolean
   value.

   The  policy  defines a default value for each boolean, typically false.
   These default values can be overridden via local settings  created  via
   the  setsebool(8)  utility,  using  -P  to  make the setting persistent
   across  reboots.   The  system-config-securitylevel  tool  provides   a
   graphical  interface  for  altering  the  settings.  The load_policy(8)
   program will preserve current boolean settings upon a policy reload  by
   default, or can optionally reset booleans to the boot-time defaults via
   the -b option.

   Boolean values can be listed by  using  the  getsebool(8)  utility  and
   passing it the -a option.

   Boolean  values  can  also  be  changed at runtime via the setsebool(8)
   utility or the togglesebool(8) utility.  By  default,  these  utilities
   only  change the current boolean value and do not affect the persistent
   settings, unless the -P option is used to setsebool.

AUTHOR

   This manual page was written by  Dan  Walsh  <dwalsh@redhat.com>.   The
   SELinux conditional policy support was developed by Tresys Technology.

SEE ALSO

   getsebool(8), setsebool(8), selinux(8), togglesebool(8)

---

Free and Open Source Software